Subject: [ASA-202002-11] chromium: multiple issues

Arch Linux Security Advisory ASA-202002-11
==========================================

Severity: High
Date    : 2020-02-25
CVE-ID  : CVE-2020-6407 CVE-2020-6418
Package : chromium
Type    : multiple issues
Remote  : Yes
Link    : https://security.archlinux.org/AVG-1102

Summary
=======

The package chromium before version 80.0.3987.122-1 is vulnerable to
multiple issues including arbitrary code execution and information
disclosure.

Resolution
==========

Upgrade to 80.0.3987.122-1.

# pacman -Syu "chromium>=80.0.3987.122-1"

The problems have been fixed upstream in version 80.0.3987.122.

Workaround
==========

None.

Description
===========

- CVE-2020-6407 (information disclosure)

An out-of-bounds memory access vulnerability has been found in the
streams component of chromium before 80.0.3987.122.

- CVE-2020-6418 (arbitrary code execution)

A type confusion vulnerability has been found in the V8 component of
chromium before 80.0.3987.122.

Impact
======

A remote attacker can access sensitive information or execute arbitrary
code on the affected host.

References
==========

https://chromereleases.googleblog.com/2020/02/stable-channel-update-for-desktop_24.html
https://crbug.com/1045931
https://crbug.com/1053604
https://security.archlinux.org/CVE-2020-6407
https://security.archlinux.org/CVE-2020-6418